network and install policy modules for example #55446

Closed
wants to merge 22 commits into from

try again with the old host and access rule

chkp-orso committed May 2, 2019
commit eb344abf108e41c789aadf947a221d00762e413c
@@ -52,10 +52,10 @@
"""

RETURN = """
ansible_facts:
description: The checkpoint access layer facts.
api_result:

justjais May 13, 2019

Contributor

@chkp-orso why have you modified the return param from ansible_facts to api_result?

chkp-orso May 13, 2019

Author Contributor

@justjais because I wanted it to be consistent, meaning all the files return api_result (all the modules and all the commands like install policy return api_result).
Isn't it better?

justjais May 13, 2019

Contributor

@chkp-orso to be consistent with other Ansible resource modules, it's better to have it as is. Also, it's better to have each module return the module facts instead of a common return.

chkp-orso May 15, 2019

Author Contributor

@justjais So to write "ansible_facts" or "checkpoint_access_layer_facts"?

justjais May 15, 2019

Contributor

@chkp-orso for an already existing module, you need not change the return values; the respective comment was for future modules.

chkp-orso May 15, 2019

Author Contributor

@justjais amm but I would prefer all the modules to be consistent..
because I create all the modules automatically with the tool..

chkp-orso May 15, 2019

Author Contributor

So I would prefer to return "ansible_facts" or "checkpoint_access_layer_facts" to all files

justjais May 16, 2019

Contributor

@chkp-orso It's better to return the facts with the module name, but if not you can return with ansible_facts; e.g. for module checkpoint_host the return value is checkpoint_hosts, but for module checkpoint_access_layer_facts the return value is ansible_facts.

chkp-orso May 16, 2019

Author Contributor

@justjais OK, so anyway because we prefer to be consistent, we will return "ansible_facts" to all the modules

description: The checkpoint object facts.
returned: always.
type: list
type: dict
"""
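Review bot: In the RETURN block, documenting the key as `api_result` in place of `ansible_facts` is more than a rename, because Ansible treats a top-level `ansible_facts` key in a module result specially and merges its contents into the host's facts, while any other key is only reachable through `register`. Playbooks that read these facts without registering the task would stop seeing them. Suggest keeping `ansible_facts` for this existing facts module, and checking that the documented `type` (`list` and `dict` both appear in the hunk) matches what the module actually passes to `exit_json`, which this hunk does not show.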


@@ -71,7 +71,6 @@
- State of the access rule (present or absent). Defaults to present.
type: str
default: present
extends_documentation_fragment: checkpoint_objects
"""

EXAMPLES = """
@@ -83,18 +82,17 @@
source: attacker
destination: Any
action: Drop
- name: Delete access rule
checkpoint_access_rule:
layer: Network
name: "Drop attacker"
"""

RETURN = """
checkpoint_access_rules:
description: The checkpoint access rule object created or updated.
returned: always, except when deleting the access rule.
type: list
api_result:

justjais May 13, 2019

Contributor

Return value is the value which is being returned as result to the user, and in this case result['checkpoint_access_rules'] is being returned as output to the user, so you need not modify the return if the param name itself is not changed.

description: The checkpoint object created or updated.
returned: always, except when deleting the object.
type: dict
"""
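Review bot: The "Delete access rule" task in EXAMPLES, as shown here, sets only `layer` and `name` and carries no `state: absent`, so with `state` defaulting to `present` it does not describe a delete, and under the module's `required_if` on `('layer', 'position')` it would be rejected for the missing `position`. Add `state: absent` to that task so the example does what its name says.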


@@ -196,7 +194,6 @@ def main():
enabled=dict(type='bool', default=True),
state=dict(type='str', default='present')
)
argument_spec.update(checkpoint_argument_spec)

required_if = [('state', 'present', ('layer', 'position'))]
module = AnsibleModule(argument_spec=argument_spec, required_if=required_if)
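Review bot: `state=dict(type='str', default='present')` in this `argument_spec` accepts any string, although the option text documents only present or absent. Declare `choices=['present', 'absent']` so a misspelled value is rejected at argument validation instead of reaching the module logic. The hunk header also shows this region losing one line; `argument_spec.update(checkpoint_argument_spec)` should stay in place, since the checkpoint_host code in this commit relies on the same call before it reads `auto_publish_session`.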
@@ -244,4 +241,4 @@ def main():


if __name__ == '__main__':
main()
main()
@@ -59,10 +59,10 @@
"""

RETURN = """
ansible_facts:
description: The checkpoint access rule object facts.
api_result:

justjais May 13, 2019

Contributor

same as previous module return comment.

description: The checkpoint object facts.
returned: always.
type: list
type: dict
"""


@@ -104,4 +104,4 @@ def main():


if __name__ == '__main__':
main()
main()
@@ -83,9 +83,9 @@
"""

RETURN = """
checkpoint_address_ranges:
description: The checkpoint address_range object created or updated.
returned: always, except when deleting the address_range.
api_result:

justjais May 13, 2019

Contributor

Should be updated as result return with checkpoint_address_range or any other module specific return value

description: The checkpoint object created or updated.
returned: always, except when deleting the object.
type: dict
"""

@@ -98,9 +98,9 @@ def main():
ip_address_first=dict(type='str'),
ipv4_address_first=dict(type='str'),
ipv6_address_first=dict(type='str'),
ip_address_last=dict(type='int'),
ipv4_address_last=dict(type='int'),
ipv6_address_last=dict(type='int'),
ip_address_last=dict(type='str'),
ipv4_address_last=dict(type='str'),
ipv6_address_last=dict(type='str'),
nat_settings=dict(type='dict')
)
argument_spec.update(checkpoint_argument_spec)
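Review bot: `ip_address_last`, `ipv4_address_last` and `ipv6_address_last` appear in this hunk with both `type='int'` and `type='str'`; `str` is the right one, matching the `*_first` options, because an address such as `192.0.2.10` cannot be converted to an integer and the task would fail argument validation. Since the hunk only touches `argument_spec`, check that the DOCUMENTATION entries for these three options say `type: str` as well, so the docs and the spec do not disagree.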
@@ -43,8 +43,8 @@
"""

RETURN = """
ansible_address_ranges:
description: The checkpoint address_range object facts.
api_result:

justjais May 13, 2019

Contributor

Should be updated as result return with checkpoint_address_range_facts or any other module specific return value

description: The checkpoint object facts.
returned: always.
type: dict
"""
@@ -55,9 +55,9 @@
"""

RETURN = """
checkpoint_groups:
description: The checkpoint group object created or updated.
returned: always, except when deleting the group.
api_result:

justjais May 13, 2019

Contributor
Suggested change
api_result:
checkpoint_group:
description: The checkpoint object created or updated.
returned: always, except when deleting the object.
type: dict
"""

@@ -54,8 +54,8 @@
"""

RETURN = """
ansible_groups:
description: The checkpoint group object facts.
api_result:

justjais May 13, 2019

Contributor
Suggested change
api_result:
checkpoint_group_facts:
description: The checkpoint object facts.
returned: always.
type: dict
"""
@@ -17,118 +17,170 @@
#

from __future__ import (absolute_import, division, print_function)

__metaclass__ = type


ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'host'}
'supported_by': 'network'}


DOCUMENTATION = """
---
module: checkpoint_host
short_description: Manages host objects on Checkpoint over Web Services API
description:
- Manages host objects on Checkpoint devices including creating, updating, removing host objects.
- Manages host objects on Checkpoint devices including creating, updating, removing access rules objects.
All operations are performed over Web Services API.
version_added: "2.9"
author: "Or Soffer (@chkp-orso)"
version_added: "2.8"
author: "Ansible by Red Hat (@rcarrillocruz)"
options:
type:
name:
description:
- Type of the object.
- Name of the access rule.
type: str
domain:
required: True
ip_address:
description:
- Information about the domain the object belongs to.
type: dict
groups:
description:
- How much details are returned depends on the details-level field of the request. This table shows the level of
detail shown when details-level is set to standard.
type: list
icon:
description:
- Object icon.
- IP address of the host object.
type: str
interfaces:
description:
- Host interfaces.
type: int
ipv4_address:
state:
description:
- IPv4 host address.
- State of the access rule (present or absent). Defaults to present.
type: str
ipv6_address:
description:
- IPv6 host address.
type: str
meta_info:
description:
- Object metadata.
type: dict
nat_settings:
description:
- NAT settings.
type: dict
read_only:
description:
- Indicates whether the object is read-only.
type: bool
host_servers:
description:
- Servers Configuration.
type: str
extends_documentation_fragment: checkpoint_objects
default: present
"""

EXAMPLES = """
- name: Add host object
- name: Create host object
checkpoint_host:
name: "New Host 1"
ip-address: "192.0.2.1"
state: present
name: attacker
ip_address: 192.168.0.15
- name: Delete host object
checkpoint_host:
name: "New Host 1"
name: attacker
state: absent
"""

RETURN = """
checkpoint_hosts:
description: The checkpoint host object created or updated.
returned: always, except when deleting the host.
api_result:

justjais May 13, 2019

Contributor
Suggested change
api_result:
checkpoint_hosts:
description: The checkpoint object created or updated.
returned: always, except when deleting the object.
type: dict
"""


from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec, api_call
from ansible.module_utils.connection import Connection
from ansible.module_utils.network.checkpoint.checkpoint import checkpoint_argument_spec, publish
import json


def get_host(module, connection):
name = module.params['name']

payload = {'name': name}

code, response = connection.send_request('/web_api/show-host', payload)

return code, response


def create_host(module, connection):
name = module.params['name']
ip_address = module.params['ip_address']

payload = {'name': name,
'ip-address': ip_address}

code, response = connection.send_request('/web_api/add-host', payload)

return code, response


def update_host(module, connection):
name = module.params['name']
ip_address = module.params['ip_address']

payload = {'name': name,
'ip-address': ip_address}

code, response = connection.send_request('/web_api/set-host', payload)

return code, response


def delete_host(module, connection):
name = module.params['name']

payload = {'name': name}

code, response = connection.send_request('/web_api/delete-host', payload)

return code, response


def needs_update(module, host):
res = False

if module.params['ip_address'] != host['ipv4-address']:
res = True

return res


def main():
argument_spec = dict(
name=dict(type='str', required=True),
ip_address=dict(type='str'),
ipv4_address=dict(type='str'),
ipv6_address=dict(type='str'),
interfaces=dict(type='list'),
nat_settings=dict(type='dict'),
host_servers=dict(type='dict')
state=dict(type='str', default='present')
)
argument_spec.update(checkpoint_argument_spec)
user_parameters = list(argument_spec.keys())
user_parameters.remove('auto_publish_session')
user_parameters.remove('state')

module = AnsibleModule(argument_spec=argument_spec, required_one_of=[['name', 'uid']],
mutually_exclusive=[['name', 'uid']])
api_call_object = "host"

unique_payload_for_get = {'name': module.params['name']} if module.params['name'] else {'uid': module.params['uid']}

api_call(module, api_call_object, user_parameters, unique_payload_for_get)
required_if = [('state', 'present', 'ip_address')]
module = AnsibleModule(argument_spec=argument_spec)
connection = Connection(module._socket_path)
code, response = get_host(module, connection)
result = {'changed': False}

if module.params['state'] == 'present':
if code == 200:
if needs_update(module, response):
code, response = update_host(module, connection)
if code != 200:
module.fail_json(msg=response)
if module.params['auto_publish_session']:
publish(connection)

result['changed'] = True
result['checkpoint_hosts'] = response
else:
pass
elif code == 404:
code, response = create_host(module, connection)
if code != 200:
module.fail_json(msg=response)
if module.params['auto_publish_session']:
publish(connection)

result['changed'] = True
result['checkpoint_hosts'] = response
else:
if code == 200:
# Handle deletion
code, response = delete_host(module, connection)
if code != 200:
module.fail_json(msg=response)
if module.params['auto_publish_session']:
publish(connection)

result['changed'] = True
result['checkpoint_hosts'] = response
elif code == 404:
pass

result['checkpoint_session_uid'] = connection.get_session_uid()
module.exit_json(**result)


if __name__ == '__main__':
main()
main()
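Review bot: In `main()`, `required_if = [('state', 'present', 'ip_address')]` is built but the following line calls `AnsibleModule(argument_spec=argument_spec)` without it, so the rule is never enforced and `state: present` with no `ip_address` goes on to `create_host` with `'ip-address': None`. Pass `required_if=required_if` to `AnsibleModule` and make the third element a list, `['ip_address']`, rather than a bare string. In the same file, `needs_update` indexes `host['ipv4-address']` directly, which raises `KeyError` if the returned object has no such key (an IPv6-only host, for instance); use `.get()` or compare against the address family that was requested. The DOCUMENTATION text for `name` and `state` also still reads "Name of the access rule" and "State of the access rule" in what is a host module.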